As the title suggests, this post is about triple booting the Asus T100TA with Windows, Lubuntu and an encrypted Linux Mint.
This was made possible with thanks to John Well’s blog post on installing Ubuntu onto the T100TA, a custom encryption setup tutorial, a full disk encryption tutorial, as well as documentation from elsewhere such as Ubuntu and Debian help pages.
Here you will find instructions on how to successfully have three functioning operating systems, information on setting up custom encryption on the T100TA, as well as the usual issues.
This information is only relevant to you if you are looking to triple boot, encrypt your Linux system on the T100 series, searching for updates in regards to installing Linux, and/or differences when installing an Xcfe desktop such as Lubuntu. You are otherwise best referring to John Well’s post on how to install Ubuntu dual booting with Windows – if this is ultimately what you are looking to do.
In case you’re wondering why on Earth would you want to triple boot an Asus T100 additionally with an encrypted system? It’s a good question, with a few good answers:
- First and foremost, the T100TA-H1 comes with an additional 500g HDD keyboard dock (therefore located under the keyboard) – as well as the 32g SSD. See here for more details. Its hardware and specifications are otherwise that of the T100TA, but with some real hard drive space.
- Whilst there is still no onboard keyboard support for cryptsetup, therefore no simple way to unlock a LUKS encryption without a keyboard, a 500g disk located under the keyboard of this machine means that you would only be using this OS with a keyboard. Therefore encryption makes sense for the security of this ‘docked-only’ operating system.
- Having an un-encrypted Linux based system, in this case Lubuntu, installed on the 32g SSD is necessary to in order to use Linux on the transformer book when undocked. Not to mention a lightweight desktop is a good idea when partitioning an already small disk (32g).
To summarise, the setup for this transformer book was as follows:
- Windows 8.1 installed on the 32g SSD (using 25g)
- Lubuntu 16.10 installed on the 32g SSD (using 7g)
- Linux Mint 18.1 encrypted installed on the 500g HDD (full disk)
- Unlocking Bitlocker encryption to resize Windows partition
- Making 64-bit Linux Mint bootable USB (in Linux)
- Resizing Windows partition and creating Lubuntu partitions
- Setting up Linux Mint partitions and volumes for encryption
- Installing Linux Mint with custom encryption setup
- Editing Linux Mint encryption settings and finalizing
- Installing Lubuntu to 32g hard drive
- Booting into Lubuntu for first time
- Enabling wifi and fixing the bootloader
- Enabling UCM for sound in Lubuntu
- Installing onscreen keyboard and rotate script for Lubuntu
- Troubleshooting – bootloader and grub problems
1. Unlocking Bitlocker encryption to resize Windows partition
Firstly, you have to decrypt your Bitlocker partition (if not already off) in order to reduce the data partition of Windows 8.1. This is achieved searching for Bitlocker in the Windows control panel and going to Bitlocker Drive Encyrption. Here you should find the option to turn off bitlocker. Choose this and wait a while, it’ll take some time.
Others will claim you simply right click on you C drive and go to the Manage BitLocker, but I found in Windows 8.1 this wasn’t an option.
Alternatively check out DisLocker if you really want to do this from Linux. You’ll however need to make a Live Linux USB, as described in step 2.
2. Making 64-bit Linux Mint bootable USB (in Linux)
For instructions to do this in Windows, see here.
Here we need to make a bootable 64-bit Linux USB with a 32-bit bootloader (this one), as the Asus T100TA has 64-bit hardware compatibilities but only a 32-bit bootloading option. There’s no-one talking about installing 32-bit Linux onto this machine, apparently it doesn’t work, so trying to do this won’t be a shortcut (I tried).
After downloading, for example, 64-bit Linux Mint 18.1, I’d recommend you then install ISO Master, Unetbootin and Gparted, using another Linux-based computer (in this example Debian-based). Personally these were the only programs I found that worked to modify the ISO image, write the ISO to USB and make it bootable. Therefore type in terminal:
$ sudo apt-get install isomaster unetbootin gparted
Firstly in Gparted, delete all partitions of your USB and click apply. Next, go to Device -> Create Partition Table and select GPT. Finally, format the USB to have one FAT32 partition available for writing the ISO image to. Right click unallocated space, select New, in the options select all available space and partition type as FAT32.
Then start ISO Master from menu or type isomaster into terminal. With this program, you’ll be able to extract an ISO image in order to include the 32-bit bootloader (linked above) into the /Boot/EFI directory. Then save the ISO with a different name to the original.
Next, open Unetbootin and select the disk image you created, making sure to select correct disk (USB) to write the data. Alternatively, you can write the ISO to the USB using Terminal and the dd command.
$ dd if=/directory/file-name.iso of=/dev/sdX bs=1MB
(Where directory/file-name is the full path and file name, X is the device name, which can be checked on Disks Utility or Gparted)
Finally you’ll need to add a boot flag, which can be done via Disks Utility, under Edit Partition option after selecting the partition with the ISO image.
3. Resizing Windows partition and creating Lubuntu partitions
After you’ve successfully managed to boot into Linux Mint, by turning off Secure Boot in the BIOS and changing boot order – see John Well’s original post, step 2 for more information – once the GRUB appears you can then directly boot into the Linux Mint live version (not the install), as John says “no need to edit anything any more”.
Once booted up head to Menu -> Administration -> Gparted. Next resize the Windows data partition (probably /dev/mmcblk0p4 – that is now unencrypted) to something that gives you enough space for Lubuntu, ideally at least 6.5g. So right click on the partition, select Resize/Move. Then apply. You should then have unallocated space available.
Next create three partitions. To create new partition, right click on unallocated space, and click new:
- 256mb as ext4, that will be /dev/mmcblk0p5 for your boot
- 2g as swap (or unformatted) that will be /dev/mmcblk0p6 for your swap
- Remaining space as ext4 that will be /dev/mmcblk0p7 for your root
Once all partitions have been drafted, click apply again. Some people will argue having upto 4g swap instead of 2g, but without hibernation functioning on the TA100TA, 2g should be more than enough.
Alternatively, you can resize and make partitions using Ease US Partition Manager (free trial), however the above steps saves booting into Windows and installing another program.
4. Setting up Linux Mint partitions and volumes for encryption
Since you are still in Gparted, set up partitions for Linux Mint. Go to your 500g hard drive and delete all partitions, click apply.
Your 500g HDD will likely be /dev/sdb (which will be used as the example disk), but make sure you are deleting the partitions of the correct disk. You should then have 500g of unallocated space. Perfect.
Create new partition, right click on unallocated space, and click new. Create 256mb partition formatted to ext4, this will be your Mint boot partition. Leave the remaining unallocated space for the Mint installer.
The following is largely based on a Linux Mint 17-18 Full Disk Encryption Tutorial, so kudos to linux22 for this, though we won’t be encrypting the boot partition or disabling the bootloader installation.
Staying in Linux Mint Live, click on the Install icon in the Desktop, following the instructions up until Installation type. Here choose ‘Something else’.
Now, similar to the screenshot below, select the free space of your 500g disk, and create as below, but with the size as the total unallocated free space available (minus 1mb, for good luck). For better security, tick the ‘Overwrite empty disk space’ box, however this will take a very long time.
Now we have the boot partition /dev/sdb1 and the LUKS encrypted partition /dev/sdb2, where we will create the volume group and volumes. Ideally you would be installing Logical Volume Manager GUI (graphical interface), but due to lack of functioning internet on the Live USB, it’s best to simply do the following.
Open a Terminal window (Ctrl+Alt+T) or via Menu and type the following:
$ sudo pvcreate /dev/mapper/sdb2_crypt
$ sudo vgcreate mint /dev/mapper/sdb2_crypt
$ sudo lvcreate -L 4G mint -n swap
$ sudo lvcreate -l +100%FREE mint -n root
The first command create the Physical Volume, the second command create the Volume Group, the third command create the Logical Volumes for swap, with a size of 4 GB, the fourth command create the Logical Volume for root, with the remaining space available in the Volume group.
5. Installing Linux Mint with custom encryption setup
Now, back into the Mint installer, click Back and Continue, in order to refresh the partition manager. If this doesn’t work, close it and open it again. Unfortunately, there is no refresh button.
Then, assign the root and swap volumes as following:
Finally, you need to select /dev/sdb1 to use as ext4 with the mount point /boot. This is your boot partition that is not in your encrypted disk.
You can leave the Device for bootloader installation option as it is (that isn’t shown in the screenshots above or below) since it won’t work, click Install Now and confirm changes to disk.
Select your timezone and then click ‘Continue’
Select your keyboard and then click ‘Continue’
Choose your username and password and then click ‘Continue’
The installation will almost certainly fail on installing the bootloader, however we won’t be using the Mint bootloader, so this doesn’t matter. Instead we’ll be using Lubuntu’s bootloader with Lubuntu’s GRUB to choose between booting into either Lubuntu, Linux Mint or Windows*.
Therefore press the Continue Testing button.
This is so that it will automatically boot into Lubuntu when no grub options are executed, such as when undocked. Otherwise Linux Mint’s grub would by default make Linux Mint the first in the list of operating systems to boot into, which would make booting into Lubuntu when in undocked format not possible, as grub does not support touchscreen.
Furthermore Mint’s bootloader won’t work reliably to find the grub in the boot partition on /dev/sdb, since the 500g HDD won’t be read in time by the BIOS to boot into it. I experimented a bit with this problem but found the only way-around to be cycling through the BIOS settings then restarting for the bootloader to successfully find the grub. Basically the bootloader would only do its job during a warm boot, not a cold boot.
We can then come back later to resolve issues with Linux Mint.
*Providing that Bitlocker isn’t turned back on, otherwise there is no current solution for GRUB booting into the Linux systems as there is still no available 32-bit EFI secure boot available for Debian-based systems.
6. Editing Linux Mint encryption settings and finalizing
Taken from the Installation with custom encryption setup tutorial, courtesy of Laurent85, with reference to the above installation as well as a vital change to the crypttab file, required for the Asus T100TA-H1:
Using Terminal, mounting root logical volume:
$ sudo mount /dev/mapper/mint-root /mnt
Mounting boot partition dedicated to Linux Mint 18.1 Cinnamon:
$ sudo mount /dev/sdb1 /mnt/boot
Mounting special devices:
$ sudo mount –bind /dev /mnt/dev
$ sudo chroot /mnt mount -t proc proc /proc
$ sudo chroot /mnt mount -t sysfs sysfs /sys
$ sudo chroot /mnt mount -t devpts devpts /dev/pts
Creating crypttab file:
$ gksu xed /mnt/etc/crypttab
With the following content:
# <target name> <source device> <key file> <options>
sdb2_crypt UUID=df1cd2cd-5869-4972-818e-7f06a9ddc729 none luks
Here we will use the UUID, rather than /dev/sdb2, in order to avoid problems between cold and warm boots, therefore in Terminal type:
$ cd /dev/disk/by-uuid
Then copy this UUID of /dev/sdb2 into crypttab file (replacing df1cd2cd-5869-4972-818e-7f06a9ddc729 – an example). Furthermore, replace sdb2_crypt with your /dev/mapper/ label, if different.
Updating initrd, you can ignore the warning message:
$ sudo chroot /mnt update-initramfs -u
7. Installing Lubuntu to 32g hard drive
To summarise, the instructions to install Lubuntu are step 2 again, instead downloading a Lubuntu 64-bit iso, using the same 32-bit bootloader. Next you can go straight into the installer, since we don’t have any logical volumes or encryption settings to configure, and we have already partitioned the disk for the installation.
Again, we select ‘Something else’, as in step 5 and assign the following:
- /dev/mmcblk0p5 use as ext4, mount point: /boot
- /dev/mmcblk0p6 use as swap
- /dev/mmcblk0p7 use as root, mount point: /
Once again, ignoring the bootloader option, which isn’t going to help us this time round. Lubuntu won’t recognise it needs a 32-bit bootloader, it will instead, by default, attempt to install a 64-bit bootloader, and fail.
Once the installation has failed (on installing the bootloader), before rebooting, access your file manager and go into /boot. Here you will see boot files and you will need to make a note of vmlinuz- as well as initrd.img- file names, something like:
initrd.img-4.10.0-20-generic and vmlinuz-4.10.0-20-generic
Now we reboot, leaving the USB in, ready to bootstrap into Lubuntu.
8. Booting into Lubuntu for first time
For this, see John Well’s post step 4 of ‘First boot’ for detailed explanation of how bootstrapping works. However, the initrd file name will be initrd.img-xxxx and root will be /dev/mmcblk0p7, if your setup is the same as the instructions above. Therefore here is a slight modification to the original commands.
Boot up from USB again, in the GRUB Hit ‘c’ to drop to a Grub command line to provide Grub with the path to your kernel:
$ linux (hd2,gpt5)/boot/vmlinuz-x.xx-x-xx root=/dev/mmcblk0p7
Then you need to specify the location of your initrd:
$ initrd (hd2,gpt5)/boot/initrd.img-x.xx-x-xx
(where x.xx-x-xx is the file name previously noted, ie 4.10.0-20-generic)
Then hit Enter. If you have any problems, refer to the original post.
If you really can’t get this to work, don’t worry, you can skip to the troubleshooting section for an alternative solution. Follow these instructions by using the Linux Mint Live USB, with wifi enabled, for fixing the bootloader with Boot-Repair.
9. Enabling wifi and fixing the bootloader
From here on in you should refer directly to John Well’s post, as many of these steps work in both Lubuntu and Linux Mint as of 2017, with changes and updates explained below.
Step 5 – Enabling wifi, this works both in Lubuntu 16.10 and Linux Mint 18.1, so you can follow this step to the letter. You should do this now in Lubuntu, and come back later for Linux Mint.
Step 6 – Fixing the bootloader, this won’t be necessary in Linux Mint 18.1, since we won’t be using the bootloader or grub, so only do so in Lubuntu, with the additional commands included.
Install grub-efi-ia32 and edit the grub configuration file as explained, but before the sudo update-grub command, you’ll need to unlock your LUKS encrypted partition (Linux Mint), in order for Lubuntu’s grub to recognise this operating system.
Make sure the transformer book is docked and in Lubuntu go to Preferences -> Disk. Then go to your 500g hard drive, /dev/sdb, then to the partition /dev/sdb2 and click the locked padlock to unlock your disk.
If you disk is not recognised as /dev/sdb, but as sda or sdc etc, then refer to the troubleshooting section below.
Once unlocked, in Terminal type:
$ sudo apt-get install os-prober
With your encrypted disk unlocked, os-prober should reocognise Linux Mint (referenced as /dev/mapper/mint-root) all being well, as well Windows 8.1, creating both of these systems as options in your grub.
Then update the grub:
$ sudo update-grub
After rebooting you should now have the option of booting into Lubuntu, Linux Mint as well as Windows. Check and see if they all work, if you are still having problems, see Troubleshooting below.
Note: In case it’s not obvious, when updating grub in Lubuntu, you’ll need the system docked with your encrypted partition unlocked (as above). Otherwise you’ll loose the Linux Mint option in your grub. If in doubt, only update Lubuntu when you have it docked and encrypted disk unlocked.
10. Enabling UCM for sound in Lubuntu
Step 7 – Sound, this step works in Linux Mint 18.1, but due to Lubuntu’s lightweight nature, you’ll need to follow some Debian installation advice. However, from Lubuntu 17.04 using the 4.10 kernel, this has apparently been resolved. If this is not the case, or you’re using Lubuntu LTS (16.04), then you’ll need to enable ALSA’s UCM (Use Care Manager).
First download the UCM GitHub repository by clicking here. Then, in file manager locate the zip, in Home or Downloads, and extract the folder bytcr-rt5640 located in UCM-master to your Downloads folder.
In Terminal, copy the ucm files (where user is your user name), create the configuration file and restore PulseAudio in order to recognise it:
$ sudo cp -rf /home/user/Downloads/bytcr-rt5640 /usr/share/alsa/ucm
$ alsactl store
$ pulseaudio -k
If this didn’t work, try rebooting and checking again. Finally, you may need pauvcontrol to be able to manually select between speakers and headphones, as this isn’t always automated with Pulse Audio:
$ sudo apt-get install pavucontrol
11. Installing onscreen keyboard and rotate script for Lubuntu
Step 8 – Upgrading to a newer kernel, is no longer necessary, however choosing the latest version of Lubuntu is well recommended, 17.04, which is based on the 4.10 kernel. Linux Mint is based on the 4.4 kernel, but both are now newer than the modified kernel linked in the post.
Step 9 – Other scripts, in Lubuntu 16.10+, the docked/undocked script should no-longer necessary, as this option is now integrated in Onboard, the onscreen keyboard. Furthermore, if you just use Lubuntu as your undocked Linux, you can always just permanently switch on Onboard.
However, you’ll need to install Onboard in Lubuntu and you’ll want to set it up for your login screen, in order to type your password (if set) for your undocked Linux system. However, there’s not much point in doing this in Linux Mint since it won’t be used (can’t be) undocked.
$ sudo apt-get install onboard
$ sudo leafpad /etc/lightdm/lightdm-gtk-greeter.conf.d/30_lubuntu.conf
In the file, at the bottom, replace #keyboard= with: keyboard=onboard
Now Ctrl+S to save the file, and close it. On your next reboot you will find Onboard in the Universal Access icon (looks like a little man) to activate Onboard. Don’t forget to activate the docking/undocking option, and for it to be automated when typing something.
Finally, for the rotate script, you’ll need to install x11-server-utils, which now replaces xrandr (that the script uses to identify screen rotation):
$ sudo apt-get install x11-xserver-utils
On your next reboot, the rotate script should be working.
12. Troubleshooting – bootloader and grub problems
If installing the grub-efi-ia32 didn’t work out the box for you, don’t panic, it didn’t work for me either, instead you will successfully be able to install the grub-efi-ia32 package by purging (removing) the grub and re-installing, in part by using Boot Repair. Make sure your LUKS encryption is unlocked and your laptop docked. In Terminal, type:
$ sudo add-apt-repository ppa:yannubuntu/boot-repair
$ sudo apt-get update
$ sudo apt-get install -y boot-repair && boot-repair
After the program has checked for operating systems and mounted your file systems, answer No to raid and Yes to partitions are derypted, then select Advanced options. In this Main options select; Re-install grub, Use the standard EFI file and Backup Windows EIF files.
Then go to GRUB location and select Lubuntu (referenced as Ubuntu) as OS to boot by default, making sure the Seperate boot partition is selected as /dev/mmcblk0p5 and efi partition as /dev/mmcblk0p1. It’s worth checking Linux Mint is listed as an option as OS to boot by default, otherwise this isn’t going to make it available in grub.
Untick SecureBoot, since 32-bit doesn’t exist yet, make sure the purging kernel option isn’t selected (this shouldn’t be necessary, unless it recommends it) and click Apply.
Boot-Repair will then ask you to copy and paste a handful of lines of commands into Terminal, such as checking for raid, installing lvm2 and purging grub-common. Do this then click next. However, you will have to do the next step manually, installing grub-efi-ia32, os-prober and linux-generic, as Boot-Repair won’t recognise you need grub-efi-ia32.
The Terminal commands lbelow will however need to have chroot “/mnt/boot-sav/mapper/mint-root” before them, or wherever your filesystems have been mounted to. Boot-repair will clarify this to you when suggesting command lines to execute:
$ sudo apt-get install -y –force-yes grub-efi-ia32 os-prober linux-generic*
$ grub-install –target=i386-pc
$ update-initramfs -u
If Boot-repair suggests this first line differently, then do this, making sure to change grub–efi–amd64 to grub-efi-ia32 in this command line however. It will likely suggest installing grub-common and grub2-common as well, but the grub-efi-ia32 package will install these anyway. Either way, once you have done this, do not click next, continue with the grub-install upto update-grub. As otherwise Boot Repair with attempt (and fail) to install 64 bit grub instead of the required 32 bit.
Now before rebooting, go into your boot partition and make a note of the vmlinuz and initrd.img files again, these would of likely changed due to re-installing the latest linux generic headers, so you’ll need these in case this step didn’t work for you – in order to try and bootstrap your way in again. Once you’re in, your sorted.
Now close boot repair (click Discard) and reboot.